### Brief description:

Requires the user to actively trigger it.

### Details:

http://www.hr135.com/ask/index.php

Test URL: http://www.hr135.com/ask/index.php?c=content&id=162

![360截图20140811000124015.jpg](https://images.seebug.org/upload/201408/110012500b0e8fb000e05f7b8bf74bfaeb2a6b33.jpg)

Insert a hyperlink whose target is `javasc&NewLine;ript:al&NewLine;ert(1)`. `&NewLine;` is a named character reference newly added in HTML5.

![360截图20140811000153296.jpg](https://images.seebug.org/upload/201408/11001436f6bbea046c3b2c6a698b9cda7504c987.jpg)

A tool such as Firebug can be used to change the link's display text to make it more convincing.

![360截图20140811000226250.jpg](https://images.seebug.org/upload/201408/11001536ba342a29a14429305a6bf6a67cf7f6d7.jpg)

The JS is triggered successfully.

Using the follow-up question feature, add another hyperlink with the target `javasc&NewLine;ript:al&NewLine;ert(doc&NewLine;ument.coo&NewLine;kie`, which successfully pops up the cookie.

### Proof of vulnerability:

![360截图20140811001739156.jpg](https://images.seebug.org/upload/201408/11001757e22de4fcda921a560ca7c7b1bbb2e55e.jpg)
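Added example, not part of the original report or of the hr135.com code: a Python check that shows why a plain `javascript:` prefix filter on the raw attribute value misses the `&NewLine;`-obfuscated link described above, and the allowlist check a defender should apply instead, after decoding HTML character references and stripping the tab/newline characters that browsers drop from URLs. The function names, the allowlist and every sample input other than the report's own payload string are my own assumptions.

```python
import html
import re

# Constructed sample inputs. The first is the obfuscated target from the report;
# the others are added here to exercise the same check with other encodings.
SAMPLE_HREFS = [
    "javasc&NewLine;ript:al&NewLine;ert(1)",   # from the report
    " \tJaVaScRiPt:alert(1)",                  # leading whitespace + mixed case
    "&#106;avascript:alert(1)",                # numeric character reference
    "javascript&colon;alert(1)",               # &colon; named reference
    "https://example.com/",                    # legitimate absolute URL
    "/ask/index.php?c=content&id=162",         # legitimate relative URL
]

# Assumed allowlist: only these schemes may appear in a user-supplied link.
ALLOWED_SCHEMES = {"http", "https"}

# URL scheme per the URL Standard: ALPHA followed by ALPHA / DIGIT / "+" / "-" / "."
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def naive_is_safe_href(value: str) -> bool:
    """The kind of filter the report bypasses: a prefix check on the raw
    attribute value, before the browser has decoded character references."""
    return not value.lower().startswith("javascript:")


def browser_normalize_href(value: str) -> str:
    """Approximate what a browser does to an href before it reads the scheme.

    1. The HTML parser decodes character references in attribute values, so
       `&NewLine;` (HTML5 named reference) becomes "\n" and `&#106;` becomes "j".
    2. The URL parser strips leading/trailing C0 controls and spaces, then
       removes every ASCII tab, LF and CR anywhere in the string.
    """
    decoded = html.unescape(value)
    decoded = re.sub(r"^[\x00-\x20]+|[\x00-\x20]+$", "", decoded)
    return re.sub(r"[\t\n\r]", "", decoded)


def is_safe_href(value: str) -> bool:
    """Allowlist check on the normalized value: relative URLs and http(s)
    absolute URLs pass; any other scheme (javascript:, data:, vbscript:, ...)
    is rejected no matter how it was obfuscated in the raw attribute."""
    normalized = browser_normalize_href(value)
    m = _SCHEME_RE.match(normalized)
    if m is None:
        return True  # no scheme: relative URL, resolved against the site itself
    return m.group(1).lower() in ALLOWED_SCHEMES


def audit(values):
    """Return (raw value, naive verdict, hardened verdict) for each candidate href."""
    return [(v, naive_is_safe_href(v), is_safe_href(v)) for v in values]


if __name__ == "__main__":
    for raw, naive, hardened in audit(SAMPLE_HREFS):
        print(f"{raw!r:45} naive_ok={naive!s:5} hardened_ok={hardened}")
```

The point of the normalization step is that the check must run on what the browser will see, not on the bytes the user typed: once the `&NewLine;` references are decoded and the newlines removed, the report's payload is literally `javascript:alert(1)` and the scheme allowlist rejects it. Storing only hrefs that pass `is_safe_href` (and HTML-escaping the link text separately, so that the display text a tool like Firebug can edit never carries attribute context) closes both variants shown in the report.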